class SessionController < ApplicationController
  include Authorizable

  skip_before_action :signed_in_user, except: [:destroy]

  def new
    if signed_in?
      flash[:danger] = I18n.t "already_signed_in"
      redirect_to '/'
    end
  end

  def create
    user = User.find_by(username: params[:username])
    if user.nil?
      flash[:danger] = "用户不存在"
      redirect_to '/sign_in'
    elsif user.authenticate(params[:password])
      flash[:danger] = "登录成功"
      sign_in(user)
      redirect_to '/'
    else
      flash[:danger] = "密码错误"
      redirect_to '/sign_in'
    end
  end

  def destroy
    sign_out
  end
end